-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Impossible test in JWT 1.1 TCK #103
Comments
Proxy is a subclass. Why cannot the instanceof be done on the proxy? By the way, you need to provide an alternative Principal bean other than the in-built Principal. |
Because in CDI there's no guarantee on what the actual class of the proxy is. The only guarantee is that it is the type that the injection target has. This is a well known "problem" (some would say it's by design) in CDI. See https://issues.jboss.org/browse/CDI-10 and more directly https://issues.jboss.org/browse/CDI-597
I'm not sure that is needed. Where would it say that? If you set the principal in the right way using Java EE's SPIs, then everything else will see that principal (i.e. HttpServletRequest.getUserPrincipal, EJBContext.getCallerPrincipal, SecurityContext.getCallerPrincipal, and of course the standard @Inject Principal). Providing an alternative Principal bean would be a very local override (akin to providing a wrapped HttpServletRequest etc), and should not be needed. In fact, it's actually mostly unwanted as you run the risk to be out of sync with the other APIs to obtain that principal. |
@Emily-Jiang just to be sure the @injected You can cast the |
@arjantijms yes, what you said is the mandated by the spec. Principal you get will be JsonWebToken. |
…nWebToken Validate SecurityContext#getUserPrincipal as JsonWebToken
The test has been updated to validate that the Principal name matches rather than being castable, and that SecurityContext#getUserPrincipal does cast to JsonWebToken. |
…cation URL base. Move the test version enum to the tck api jar and update TCK readme.
…ce to indicate which version of MP-JWT the test is targeting, and document the expected behavior in TCK readme.
…these are PCKS#8
The JWT TCK contains the following test:
https://github.com/eclipse/microprofile-jwt-auth/blob/master/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/PrincipalInjectionEndpoint.java#L58
This is however impossible to pass in general.
Principal
is a proxy, and in CDI the only guarantee you have is that the proxy implements the type of the injection point.In other words, you can't do
instanceof
tests on the proxy for either types, and thus this test will never pass.I propose removing this test.
The text was updated successfully, but these errors were encountered: